Tag: human error
Disgruntled ex-Disney employee highlights insider threat
The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel. More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.
Organizations’ staff are their biggest security risk
Careless employees are the main root cause of data loss in organizations. According to the cybersecurity and compliance company Proofpoint, almost three-quarters (74 percent) of CISOs believe human error is their biggest cyber vulnerability. This is up from 60 percent in 2023 and 56 percent in 2022. Even more (80 percent) believe human risk and employee negligence will be the key cybersecurity concerns for the next two years. “Our research shows that CISOs generally believe their people are aware of their critical role in defending the business from cyber threats. That CISOs still see their people as the primary risk factor suggests a disconnect between employees’ understanding of cyber threats and their ability to keep them at bay,” says Proofpoint.
Security Flaws Found in ChatGPT Plugins – March 15th
According to Salt Labs research, third-party OpenAI ChatGPT plugin security flaws could allow attackers to install malicious plugins, and hijack third-party website accounts. Leveraging security gaps in ChatGPT plugins' large language models (LLMs), OAuth workflow, and PluginLab both feature weaponizable vulnerabilities.
Ukraine’s Largest Telecom Crippled by Russian Cyberattack – December 13th
Kyivstar, Ukraine's largest telecom provider announced it was hit by a devastating cyberattack, disrupting internet access for over 26 million users. Kyivstar's parent company, VEON Ltd confirmed the devastating cyberattack, claiming it to be “one of the largest cyberattacks in the history of the global telecom market.”
IT security responsible for 14% of cyber-breaches
A staggering 14 percent of cyber incidents are due to senior IT security staff errors, compounded by a further 15% of errors caused by other IT staff. According to a new study published by cybersecurity firm Kaspersky, over the last two years, 77 percent of companies experienced between one and six cybersecurity breaches, with IT security staff being directly culpable for almost a third of all cybersecurity breaches.
Millions of individuals’ DNA selling for a dollar a piece
At least seven million customers of San Francisco-based DNA company, 23andMe, are now seeing their confidential and highly personal genetic data up for sale on the internet. The hackers are also offering the millions of victims’ personal email addresses for good measure and to best assist potential blackmailers and fraudsters.